---
description:
  Learn how to set headers in GraphQL Mesh! Configure schemaHeaders and operationHeaders to control
  headers for schema introspection and operation execution. Use dynamic values for authentication.
---

import { Callout } from '@theguild/components'

# Setting Headers

<Callout emoji="⚠️" type="warning">
  This method is not relevant to all handlers!

Please make sure the handler you are using supports this method: You can do it by checking if
handler's config reference (appearing on it's designated doc) includes the header fields mentioned
in this doc.

</Callout>

## Setting configurations

There are two headers-designated configuration fields under each handler - `schemaHeaders` and
`operationHeaders`:

### `operationHeaders`

Optional field. Used to set the Headers for _operation execution_. Expects JSON object representing
the Headers.

In this example `operationHeaders` is used to defined the content of the request as Json:

```yaml filename=".meshrc.yaml" {5-6}
sources:
  - name: Example
    handler:
      <handler-name>:
        operationHeaders:
          Content-Type: application/json
```

### `schemaHeaders`

Optional field. Used to set the Headers for _schema introspection_. Expects JSON object representing
the Headers.

## Dynamic Header Values (e.g., for Authorization)

Mesh can take dynamic values from the GraphQL Context or the environmental variables. For example,
if you use `mesh dev` or `mesh start`, GraphQL Context will be the incoming HTTP request.

The expression inside dynamic values should be as in JS.

### From Context (HTTP Header for `mesh dev` or `mesh start`)

```yaml filename=".meshrc.yaml"
sources:
  - name: Example
    handler:
      <handler-name>:
        operationHeaders:
          # Please do not use capital letters while getting the headers
          # Use "{context.headers['x-my-api-token']}" if you want just the value of the header
          Authorization: Bearer {context.headers['x-my-api-token']}
          # You can also access to the cookies like below;
          # Authorization: Bearer {context.cookies.myApiToken}
```

### From Environment Variables

Set up the variable on your environment, e.g `VERY_SECRET_TOKEN=12345`. Then you can use it using
`{env.VERY_SECRET_TOKEN}`.

The config wil look something like:

```yaml filename=".meshrc.yaml" {6}
sources:
  - name: Example
    handler:
      <handler-name>:
        operationHeaders:
          Authorization: Bearer {env.VERY_SECRET_TOKEN}
```
